We use cookies and similar technologies to recognize your repeat visits and preferences, to measure the effectiveness of campaigns, and improve our websites. For settings and more information about cookies, view our Cookie Policy. By clicking “I accept” on this banner or using our site, you consent to the use of cookies.

Avast Finds Flashlight Apps on Google Play Requesting Up to 77 Permissions

10 Sep 2019

Avast researchers found flashlight apps request 25 permissions on average

Prague, Czech Republic, September 10Y, 2019 – Avast [LSE: AVST], a global leader in digital security products, has found that Android flashlight applications request an average of 25 permissions. Using apklab.io, Avast’s mobile threat intelligence platform, Avast analyzed the permissions requested by 937 flashlight apps that either once made it onto the Google Play Store or are still available on the Store. Out of these, 408 request 10 permissions or less, 267 request between 11 and 49 permissions, and 262 apps request between 50 and 77 permissions.

Apps taking their right to request permissions too far

Applications can request permissions to access data or features on devices they need in order to function properly. For example, a flashlight application needs access to the phone’s flash in order to use it as a flashlight. However, many applications request access to more permissions than they actually need.

“Some of the permissions requested by the flashlight applications we looked into are really hard to explain, like the right to record audio, requested by 77 apps; read contact lists, requested by 180 apps, or even write contacts, which 21 flashlight apps request permission to do,” says Luis Corrons, Security Evangelist at Avast. “The flashlight apps we looked into are just an example of how even the simplest apps can access personal data, and it’s often not just the app developers that gain access to data when users download an app, but the ad partners they work with to monetize. Developer privacy policies are unfortunately not inclusive, as in many cases, further privacy policies from third-parties are linked within them.”

There is a gray area when it comes to flagging apps requesting too many permissions as malicious or potentially unwanted, as users themselves grant the permissions, which is why many security solutions do not mark them as malicious. Apps can request outlandish permissions, but that does not mean they carry out malicious activities, per se. When a user installs an app, they grant the app and any third-parties associated with it, the right to carry out actions the app lists in the permissions section. App developers often integrate ad software development kits (SDKs) into their code to earn money from advertisers. To allow these SDKs to target users with ads, the apps request countless amounts permissions.

It is therefore imperative that users carefully check the permissions an app requests, before installing the app. Furthermore, users should carefully read the privacy policies and terms and conditions, as well as user reviews on the app’s download page.

For more information, contact us:

About Avast: Avast (LSE: AVST) is the global leader in digital security products. With over 400 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, OPSWAT, West Coast Labs and others. Visit: www.avast.com.